[PATCH v5 1/3] Introduce seccomp-assisted syscall filtering
Dmitry V. Levin
ldv at altlinux.org
Sun Sep 22 09:22:54 UTC 2019
On Sun, Sep 22, 2019 at 10:49:10AM +0200, Paul Chaignon wrote:
> On Sat, Sep 21, 2019 at 07:57:21PM +0300, Dmitry V. Levin wrote:
> > On Sat, Sep 21, 2019 at 07:02:24PM +0300, Dmitry V. Levin wrote:
> > [...]
> > > @@ -1759,6 +1768,11 @@ init(int argc, char *argv[])
> > > error_msg_and_help("PROG [ARGS] must be specified with -D");
> > > }
> > >
> > > + if (seccomp_filtering && !followfork) {
> > > + error_msg("-n implies -f");
> > > + followfork = 1;
> > > + }
> > > +
> > > if (optF) {
> > > if (followfork) {
> > > error_msg("deprecated option -F ignored");
> >
> > Looks like -n is currently not compatible with -p, compare e.g.
> >
> > ./set_ptracer_any ./sleep 1 & ../strace -n -f -qq -e trace=exit_group -p $!
> > and
> > ./set_ptracer_any ./sleep 1 & ../strace -f -qq -e trace=exit_group -p $!
>
> No, it's not. As far as I know, there is currently no way to attach a
> seccomp-bpf filter to a running process. We'll need to add an error
> message.
Could we just ignore -n for processes attached using -p?
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20190922/eda1e75f/attachment.bin>
More information about the Strace-devel
mailing list